Loading...
Loading...
Found 1,033 Skills
Security best practices and threat mitigation patterns for PACT framework development. Use when: implementing authentication or authorization, handling API credentials, integrating external APIs, processing sensitive data (PII, financial, health), reviewing code for vulnerabilities, or enforcing SACROSANCT security rules. Triggers on: security audit, credential handling, OWASP, auth flows, encryption, data protection, backend proxy pattern, frontend credential exposure.
INVOKE THIS SKILL when creating, running, or analyzing Arize experiments. Covers experiment CRUD, exporting runs, comparing results, and evaluation workflows using the ax CLI.
Read Discord for financial research using the discord-cli tool (read-only). Use this skill whenever the user wants to read Discord channels, search for messages in trading servers, view guild/channel info, monitor crypto or market discussion groups, or gather financial sentiment from Discord. Triggers include: "check my Discord", "search Discord for", "read Discord messages", "what's happening in the trading Discord", "show Discord channels", "list my servers", "Discord sentiment on BTC", "what are people saying in Discord about AAPL", "monitor crypto Discord", "export Discord messages", any mention of Discord in context of reading financial news, market research, or trading community discussions. This skill is READ-ONLY — it does NOT support sending messages, reacting, or any write operations.
Decision-first data analysis with statistical rigor gates. Use when analyzing CSV, JSON, database exports, API responses, logs, or any structured data to support a business decision. Handles: trend analysis, cohort comparison, A/B test evaluation, distribution profiling, anomaly detection. Do NOT use for codebase analysis (use codebase-analyzer), codebase exploration (use explore-pipeline), or ML model training.
Scans code for security vulnerabilities including injection attacks, authentication flaws, exposed secrets, insecure dependencies, and data exposure. Use when the user says "security review", "is this secure?", "check for vulnerabilities", "audit this", or before deploying to production.
Design and operate privacy and data security programs for SEC-registered firms under Reg S-P, Reg S-ID, and SEC cybersecurity expectations. Use when the user asks about privacy notices, the Safeguards Rule, identity theft prevention programs, breach notification obligations, vendor security due diligence, incident response planning, data classification, or state privacy law compliance. Also trigger when users mention 'customer data was exposed', 'do we need to notify clients of a breach', 'cybersecurity exam prep', 'cloud vendor risk assessment', 'encrypting client data', 'BYOD security policy', 'Red Flags Rule', 'NY DFS 500 requirements', or ask how to handle a cybersecurity incident.
Fast, zero-config AWS SSO login helper that discovers accounts and roles, configures AWS profiles, and auto-configures EKS Kubernetes contexts. Use when authenticating with AWS SSO, switching between AWS accounts or roles, setting up AWS profiles for CLI usage, configuring Kubernetes contexts for EKS clusters, or exporting AWS_PROFILE for tools that support named profiles.
Smart CSV importer with format auto-detection. Handles major banks in Canada and US, plus payment platforms (Stripe, PayPal, Wise, WeChat Pay, Alipay) and browser-assisted exports gathered through `/cfo-statement-export`. Use when importing bank or credit card CSV exports. CLEAR step: C (Capture)
Unauthorized access playbook for common exposed services. Use when Redis, Rsync, PHP-FPM, AJP/Ghostcat, Hadoop YARN, H2 Console, or similar management interfaces are exposed without authentication.
RSA attack playbook for CTF and real-world cryptanalysis. Use when given RSA parameters (n, e, c) and need to recover plaintext by exploiting weak keys, small exponents, shared factors, or padding oracles.
Scan code for security vulnerabilities and secrets. Detect exposed secrets, insecure patterns, and common vulnerabilities.
Audit the game for security vulnerabilities: save tampering, cheat vectors, network exploits, data exposure, and input validation gaps. Produces a prioritised security report with remediation guidance. Run before any public release or multiplayer launch.